<!--
/**
 * @file Permissions.html
 * @author Alejandro Dario Simi
 * @date $Date: 2013-08-05 00:26:28 +0000 (Mon, 05 Aug 2013) $
 *
 * $Id: Permissions.html 100 2013-08-05 00:26:28Z daemonraco@gmail.com $
 * $URL: http://wcomix.googlecode.com/svn/branches/wcomix-1.0/docs/Permissions.html $
 */
-->
<html>
	<head>
		<title>Permissions</title>
		<script type="text/javascript" src="jquery-1.8.0.min.js"></script>

		<script type="text/javascript" src="SyntaxHighlighter/scripts/shCore.js"></script>
		<link type="text/css" rel="stylesheet" href="SyntaxHighlighter/styles/shCoreEclipse.css"/>
		<link type="text/css" rel="stylesheet" href="SyntaxHighlighter/styles/shThemeEclipse.css"/>
		<script type="text/javascript">SyntaxHighlighter.all();</script>

		<link rel="stylesheet" type="text/css" href="docs.css"/>
		<script type="text/javascript" src="docs.js"></script>
	</head>
	<body>
		<div class="Section">
			<span class="Title">Table Of Contents</span>
			<div class="TableOfContents"></div>
		</div>
		<div class="Section">
			<span class="Title">Permissions</span>
			<div class="Paragraph">
				<p>wcomix manage access for different tasks and operations based on two concepts:<ul>
					<li>Profile</li>
					<li>Permission</li>
				</ul></p>
			</div>

			<span class="SubTitle">Profile</span>
			<div class="Paragraph">
				<p>[CO:Profile] is the way wcomix has to reference a list premissions. Also, each user has
				a [CO:Profile] assigned on each wcomix group.</p>
			</div>

			<span class="SubTitle">Permission</span>
			<div class="Paragraph">
				<p>[CO:Permission] is an internal numeric code used to specify something that a user can do.</p>
			</div>
		</div>

		<div class="Section">
			<span class="Title">Hierarchy</span>
			<div class="Paragraph">
				<p>All profiles manage by wcomix belong to a hierarchy also called pyramid of profiles.
				Instead of defining all an every permission a profile needs, wcomix associates profiles only
				with those permissions it represents and then with other profile that is inferior in what
				it can do.</p>
				<p>Later, when some allowance is check, wcomix goes through every profile and their permissions
				from the current profile until the bottom of the pyramid, and then it it decides to allow or not.</p>
			</div>

			<span class="SubTitle">Pyramid</span>
			<div class="Paragraph">
				<p>By default, wcomix uses this piramid:<ul>
					<li>'ROOT' falls to 'ADMIN'</li>
					<li>'ADMIN' falls to 'ORGANIZER'</li>
					<li>'ORGANIZER' falls to 'COLLECTOR'</li>
					<li>'COLLECTOR' falls to 'TAGGER'</li>
					<li>'TAGGER' falls to 'USER'</li>
					<li>'USER' falls to 'ANON"</li>
					<li>'ANON' falls to '*'</li>
				</ul></p>
				<p>In this case, 'ROOT' is used for errors and '*' is used just as a defualt.</p>
			</div>

			<span class="SubTitle">Direct</span>
			<div class="Paragraph">
				<p>Direct is a way to assign permission only to a profile and avoid a pyramid propagation</p>
			</div>
		</div>

		<div class="Section">
			<span class="Title">wcomix Permissions</span>
			<div class="Paragraph">
				<p>Basically, wcomix manages this permissions:</p>
				<center><table><thead><tr>
					<th>Code</th>
					<th>Name</th>
					<th>Description</th>
				</tr></thead><tbody>
					<tr><td>101</td><td>WC_PERM_ACTION_ADD</td><td class="Justify">Create a new rule action.</td></tr>
					<tr><td>102</td><td>WC_PERM_ACTION_EDIT</td><td class="Justify">Edit a rule action.</td></tr>
					<tr><td>104</td><td>WC_PERM_ACTION_REMOVE</td><td class="Justify">Delete a rule action.</td></tr>
					<tr><td>105</td><td>WC_PERM_ACTION_RENAME</td><td class="Justify">Rename a rule action.</td></tr>
					<tr><td>801</td><td>WC_PERM_COLLECTION_ADD</td><td class="Justify">Create a new collection.</td></tr>
					<tr><td>802</td><td>WC_PERM_COLLECTION_EDIT</td><td class="Justify">Edit a collection.</td></tr>
					<tr><td>803</td><td>WC_PERM_COLLECTION_LIST</td><td class="Justify">View the list of collections.</td></tr>
					<tr><td>804</td><td>WC_PERM_COLLECTION_REMOVE</td><td class="Justify">Delete a collection.</td></tr>
					<tr><td>805</td><td>WC_PERM_COLLECTION_RENAME</td><td class="Justify">Rename a collection.</td></tr>
					<tr><td>810</td><td>WC_PERM_COLLECTION_VIEW</td><td class="Justify">View a collection's contents.</td></tr>
					<tr><td>202</td><td>WC_PERM_COMIC_EDIT</td><td class="Justify">Edit a comic.</td></tr>
					<tr><td>203</td><td>WC_PERM_COMIC_LIST</td><td class="Justify">View the list of comics.</td></tr>
					<tr><td>205</td><td>WC_PERM_COMIC_RENAME</td><td class="Justify">Rename a comic.</td></tr>
					<tr><td>225</td><td>WC_PERM_COMIC_SET_COLLECTION</td><td class="Justify">Add a comic to a collection.</td></tr>
					<tr><td>206</td><td>WC_PERM_COMIC_SET_RATE</td><td class="Justify">Give an opinion about a comic</td></tr>
					<tr><td>207</td><td>WC_PERM_COMIC_SET_READ</td><td class="Justify">Mark a comic as read/unread.</td></tr>
					<tr><td>208</td><td>WC_PERM_COMIC_SET_TAG</td><td class="Justify">Add a tag to a comic.</td></tr>
					<tr><td>209</td><td>WC_PERM_COMIC_TRASH</td><td class="Justify">Assign tag "Garbage" to a comic.</td></tr>
					<tr><td>210</td><td>WC_PERM_COMIC_VIEW</td><td class="Justify">Read a comic.</td></tr>
					<tr><td>302</td><td>WC_PERM_DIRECTORY_EDIT</td><td class="Justify"></td></tr>
					<tr><td>303</td><td>WC_PERM_DIRECTORY_LIST</td><td class="Justify">View the list of directories.</td></tr>
					<tr><td>305</td><td>WC_PERM_DIRECTORY_RENAME</td><td class="Justify">Rename a directory.</td></tr>
					<tr><td>308</td><td>WC_PERM_DIRECTORY_SET_TAG</td><td class="Justify">Add a tag to a directory's contents.</td></tr>
					<tr><td>310</td><td>WC_PERM_DIRECTORY_VIEW</td><td class="Justify">View a directory's contents.</td></tr>
					<tr><td>402</td><td>WC_PERM_GROUP_EDIT</td><td class="Justify">Edit a group.</td></tr>
					<tr><td>405</td><td>WC_PERM_GROUP_RENAME</td><td class="Justify">Rename a group.</td></tr>
					<tr><td>426</td><td>WC_PERM_GROUP_SWITCH</td><td class="Justify">Change current group.</td></tr>
					<tr><td>501</td><td>WC_PERM_RULE_ADD</td><td class="Justify">Create a new rule.</td></tr>
					<tr><td>502</td><td>WC_PERM_RULE_EDIT</td><td class="Justify">Edit a rule.</td></tr>
					<tr><td>503</td><td>WC_PERM_RULE_LIST</td><td class="Justify">View the list of rules.</td></tr>
					<tr><td>504</td><td>WC_PERM_RULE_REMOVE</td><td class="Justify">Delete a rule.</td></tr>
					<tr><td>505</td><td>WC_PERM_RULE_RENAME</td><td class="Justify">Rename a rule.</td></tr>
					<tr><td>916</td><td>WC_PERM_SPECIAL_CREDIT</td><td class="Justify">Visit the special page of credits.</td></tr>
					<tr><td>918</td><td>WC_PERM_SPECIAL_LOGO</td><td class="Justify">Visit the special page of logo.</td></tr>
					<tr><td>919</td><td>WC_PERM_SPECIAL_MENU</td><td class="Justify">Visit the special page of menu.</td></tr>
					<tr><td>920</td><td>WC_PERM_SPECIAL_NOTHING</td><td class="Justify">Visit the special page of "nothing".</td></tr>
					<tr><td>917</td><td>WC_PERM_SPECIAL_RANDOM</td><td class="Justify">Visit the special page of random contents.</td></tr>
					<tr><td>921</td><td>WC_PERM_SPECIAL_SEARCH</td><td class="Justify">Visit the special page of searchs.</td></tr>
					<tr><td>922</td><td>WC_PERM_SPECIAL_STATS</td><td class="Justify">Visit the special page of statistics.</td></tr>
					<tr><td>915</td><td>WC_PERM_SPECIAL_VERSION</td><td class="Justify">Visit the special page of versions.</td></tr>
					<tr><td>1010</td><td>WC_PERM_STATS_VIEW</td><td class="Justify">Create a new user.</td></tr>
					<tr><td>601</td><td>WC_PERM_TAG_ADD</td><td class="Justify">Edit a user.</td></tr>
					<tr><td>603</td><td>WC_PERM_TAG_LIST</td><td class="Justify">View the list of users.</td></tr>
					<tr><td>604</td><td>WC_PERM_TAG_REMOVE</td><td class="Justify">Delete a tag.</td></tr>
					<tr><td>605</td><td>WC_PERM_TAG_RENAME</td><td class="Justify">Delete a tag.</td></tr>
					<tr><td>608</td><td>WC_PERM_TAG_SET_TAG</td><td class="Justify">Rename a tag.</td></tr>
					<tr><td>610</td><td>WC_PERM_TAG_VIEW</td><td class="Justify">View a tag's contents.</td></tr>
					<tr><td>701</td><td>WC_PERM_USER_ADD</td><td class="Justify">Create a new user.</td></tr>
					<tr><td>714</td><td>WC_PERM_USER_ADMIN</td><td class="Justify">Edit a user privileges.</td></tr>
					<tr><td>702</td><td>WC_PERM_USER_EDIT</td><td class="Justify">Edit a user.</td></tr>
					<tr><td>703</td><td>WC_PERM_USER_LIST</td><td class="Justify">View the list of users.</td></tr>
					<tr><td>712</td><td>WC_PERM_USER_LOGIN</td><td class="Justify">Open a user sesion.</td></tr>
					<tr><td>713</td><td>WC_PERM_USER_LOGOUT</td><td class="Justify">Close a user sesion.</td></tr>
					<tr><td>711</td><td>WC_PERM_USER_REGISTER</td><td class="Justify">Register as a new user.</td></tr>
					<tr><td>723</td><td>WC_PERM_USER_RESET</td><td class="Justify">Reset password.</td></tr>
					<tr><td>724</td><td>WC_PERM_USER_SELF_EDIT</td><td class="Justify">Edit personal information.</td></tr>
				</tbody></table></center>
			</div>
		</div>

		<div class="Section">
			<span class="Title">wcomix Profiles</span>
			<div class="Paragraph">
				<p>Internally, wcomix devide its permission in this way for each profile:<ul>
					<li>[CO:ADMIN]<ul>
						<li>WC_PERM_SPECIAL_STATS</li>
						<li>WC_PERM_GROUP_EDIT</li>
						<li>WC_PERM_GROUP_RENAME</li>
						<li>WC_PERM_DIRECTORY_RENAME</li>
						<li>WC_PERM_USER_ADD</li>
						<li>WC_PERM_USER_LIST</li>
						<li>WC_PERM_USER_ADMIN</li>
						<li>WC_PERM_STATS_VIEW</li>
					</ul></li>
					<li>[CO:ORGANIZER]<ul>
						<li>WC_PERM_COMIC_EDIT</li>
						<li>WC_PERM_COMIC_RENAME</li>
						<li>WC_PERM_COMIC_TRASH</li>
						<li>WC_PERM_DIRECTORY_ADD</li>
						<li>WC_PERM_DIRECTORY_EDIT</li>
						<li>WC_PERM_RULE_ADD</li>
						<li>WC_PERM_RULE_EDIT</li>
						<li>WC_PERM_RULE_LIST</li>
						<li>WC_PERM_RULE_REMOVE</li>
						<li>WC_PERM_RULE_RENAME</li>
						<li>WC_PERM_ACTION_ADD</li>
						<li>WC_PERM_ACTION_EDIT</li>
						<li>WC_PERM_ACTION_REMOVE</li>
						<li>WC_PERM_ACTION_RENAME</li>
						<li>WC_PERM_USER_EDIT</li>
					</ul></li>
					<li>[CO:COLLECTOR]<ul>
						<li>WC_PERM_COMIC_SET_COLLECTION</li>
						<li>WC_PERM_COLLECTION_ADD</li>
						<li>WC_PERM_COLLECTION_EDIT</li>
						<li>WC_PERM_COLLECTION_RENAME</li>
						<li>WC_PERM_COLLECTION_REMOVE</li>
						<li>WC_PERM_COLLECTION_VIEW</li>
					</ul></li>
					<li>[CO:TAGGER]<ul>
						<li>WC_PERM_COMIC_SET_TAG</li>
						<li>WC_PERM_TAG_SET_TAG</li>
						<li>WC_PERM_TAG_ADD</li>
						<li>WC_PERM_TAG_REMOVE</li>
						<li>WC_PERM_TAG_RENAME</li>
						<li>WC_PERM_DIRECTORY_SET_TAG</li>
					</ul></li>
					<li>[CO:USER]<ul>
						<li>WC_PERM_USER_LOGOUT</li>
						<li>WC_PERM_COMIC_SET_RATE</li>
						<li>WC_PERM_COMIC_SET_READ</li>
						<li>WC_PERM_DIRECTORY_LIST</li>
						<li>WC_PERM_DIRECTORY_VIEW</li>
						<li>WC_PERM_USER_SELF_EDIT</li>
					</ul></li>
					<li>[CO:ANON]<ul>
						<li>Direct:<ul>
							<li>WC_PERM_USER_REGISTER</li>
							<li>WC_PERM_USER_RESET</li>
							<li>WC_PERM_USER_LOGIN</li>
						</ul></li>
						<li>Pyramid:<ul>
							<li>WC_PERM_SPECIAL_CREDIT</li>
							<li>WC_PERM_SPECIAL_LOGO</li>
							<li>WC_PERM_SPECIAL_MENU</li>
							<li>WC_PERM_SPECIAL_NOTHING</li>
							<li>WC_PERM_SPECIAL_RANDOM</li>
							<li>WC_PERM_SPECIAL_VERSION</li>
							<li>WC_PERM_SPECIAL_SEARCH</li>
							<li>WC_PERM_COMIC_LIST</li>
							<li>WC_PERM_COMIC_VIEW</li>
							<li>WC_PERM_TAG_LIST</li>
							<li>WC_PERM_TAG_VIEW</li>
							<li>WC_PERM_COLLECTION_LIST</li>
							<li>WC_PERM_COLLECTION_VIEW</li>
							<li>WC_PERM_GROUP_SWITCH</li>
						</ul></li>
					</ul></li>
				</ul></p>
			</div>
			<span class="SubTitle">ROOT</span>
			<div class="Paragraph">
				<p>There's another profile called ROOT that it's present in the list above, because it's a special profile.
				This profile receives a special treatment and avoids all permission check returning always 'allowed'.</p>
				<p>wcomix poccess only two users with this profile they are user '1' for 'root' and user '2' for 'cron'.
				If a other user (neither id '1' nor '2') has this profile, it will automatically act as an 'ADMIN' user.</p>
			</div>
		</div>
	</body>
</html>
